Main Vulnerability Database Vulnerabilities #VU6793

#VU6793 Open redirect in IceWall Federation Agent - CVE-2017-8945

Published: May 29, 2017

Vulnerability identifier: #VU6793

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-8945

CWE-ID: CWE-601

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IceWall Federation Agent

Software vendor:
HPE

Description

The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of redirected URL. A remote attacker can create a specially crafted link and redirect the victim on potentially dangerous website.

Successful exploitation of the vulnerability may allow an attacker to perform phishing attack.

Remediation

Install update from vendor's website.

External links

http://h20566.www2.hpe.com/hpsc/doc/public/display?docId=hpesbgn03737en_us

#VU6793 Open redirect in IceWall Federation Agent - CVE-2017-8945

Description

Remediation

External links

Please verify you're human